Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Justin

Posted 18 May 2005 - 07:29 PM

Justin

I do a little bit of everything

Member

2,353 posts

Lew,

A lot of things got fixed with that run, so we are close. I still see that AIM virus on your computer so lets run the Sophos program that I had you download earlier.* Close down all programs. * Go to Start|Programs|Sophos Anti-Virus and run the 'Sophos Anti-Virus' program. * In the ‘Available scans' list, select the scan for which you want to enable disinfection. (Do not select a scheduled scan, as you will not be able to run this manually.) * Click Edit|Configure this Scan. * Select the Disinfection tab and select ‘Delete'. Click Apply|OK. * Click ‘Save and Start' to save the scan, and run it immediately. * Click 'OK' when asked if files should be deleted. * Run another scan to ensure that the virus has been removed. * Click Edit|Configure this Scan. * Select the Disinfection tab and deselect ‘Delete'. Click Apply|OKAfter running that scan:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

Justin

Posted 19 May 2005 - 08:07 PM

Shut down Microsoft Anti Spyware until we fix everything on your system. You can turn it back on once we clean everything.

Go to Start->Run and type "Services.msc" (without quotes) then hit OkScroll down and find the below service:

System Startup Service (or SvcProc)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Run HiJackThis. Click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (copy and paste):

SvcProc

Click ok.

It should pull up information about the service, when it asks if you want to reboot now click YES.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

After these fixes we will remove the minor things and hopefully you will be all set

Next post a Fresh HiJackThis log, along with the Startup List log you made in the first part of this reply.

C:\Explorer.exe: not presentC:\WINDOWS\Explorer\Explorer.exe: not presentC:\WINDOWS\System\Explorer.exe: not presentC:\WINDOWS\System32\Explorer.exe: not presentC:\WINDOWS\Command\Explorer.exe: not presentC:\WINDOWS\Fonts\Explorer.exe: not present

Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..